Facebook
Twitter
- Server operating system version
- Debian 10.2
- Plesk version and microupdate number
- Obsidian 18.0.43
Hi all,
A year ago we had a cors problem reported by a customer on a Wordpress using a main domain and another domain for a version of another language. There was a "Cors origin" issue with the Wordpress Beaver content editor.
We solved the problem by stating this:
Apache Settings
SetEnvIf Origin "^https?://[^/]*(domainA.com|comainB.com)\.com$" ORIGIN=$0
Header set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN
Header set Access-Control-Allow-Credentials "true" env=ORIGIN
# Always set Vary: Origin when it's possible you may send CORS headers
Header merge Vary Origin
Nginx Settings
add_header 'Access-Control-Allow-Origin' 'https://www.domainB.com';
NB: the domain B is an alias of the domain A.
It was working at that time. There is a change of OS since (Centos to Debian). It is not known since when the problem returned.
So, we can not use at the moment Wordpress admin Beaver (with the domain B). We have this error:
...from origin 'https://www.domainB.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
...
...from origin 'https://www.domainB.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'https://www.domainB.com, https://www.domainB.com', but only one is allowed.
Do you know why the problem is back now?
We tested disabling on the Apache side (leaving the configuration on the Nginx side) and the oposite. It does not work.
How to solve this?
Thank you.
A year ago we had a cors problem reported by a customer on a Wordpress using a main domain and another domain for a version of another language. There was a "Cors origin" issue with the Wordpress Beaver content editor.
We solved the problem by stating this:
Apache Settings
SetEnvIf Origin "^https?://[^/]*(domainA.com|comainB.com)\.com$" ORIGIN=$0
Header set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN
Header set Access-Control-Allow-Credentials "true" env=ORIGIN
# Always set Vary: Origin when it's possible you may send CORS headers
Header merge Vary Origin
Nginx Settings
add_header 'Access-Control-Allow-Origin' 'https://www.domainB.com';
NB: the domain B is an alias of the domain A.
It was working at that time. There is a change of OS since (Centos to Debian). It is not known since when the problem returned.
So, we can not use at the moment Wordpress admin Beaver (with the domain B). We have this error:
...from origin 'https://www.domainB.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
...
...from origin 'https://www.domainB.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'https://www.domainB.com, https://www.domainB.com', but only one is allowed.
Do you know why the problem is back now?
We tested disabling on the Apache side (leaving the configuration on the Nginx side) and the oposite. It does not work.
How to solve this?
Thank you.
